Earlier this year we announced that we’d begun offering free SSL certificates through Let’s Encrypt, an open source collaboration backed by some of the biggest names in the hosting and security industry. In the roughly 8 months that have passed we’ve found the program to be a huge success and the customer adoption rate has far exceeded what we initially expected. In light of that success, combined with our continuous effort to provide the most secure hosting platform possible, we’ve decided to become an official Let’s Encrypt sponsor! This is our first official sponsorship in our company history, and it’s one we couldn’t be both more proud of and excited about.
Happy to have @HawkHost on board as our newest sponsor!
— Let's Encrypt (@letsencrypt) November 3, 2016
As an official Let’s Encrypt sponsor we’re able to put our support behind what we believe is one of the most important issues facing the hosting industry today. More people are using the internet today than at any point in history and that’s not something that should be taken lightly. Whether you’re a hobbyist just setting up a basic website or you’re a young entrepreneur looking to get your business off the ground, it’s more important than ever to make sure your webiste is secure. Up until Let’s Encrypt was created you had to pay for the privilege of using SSL. Now they’re working diligently to make that a problem of the past, offering a free, trusted, signed, and fully secure SSL certificate to any end user on a compatible platform. It’s our responsibility as a web host to bring this technology to our customers in a simple and easy to use fashion.
Here at Hawk Host we’ve taken the Let’s Encrypt platform and made it accessible to all of our customers for all of their websites. Furthering our mission to provide a secure hosting platform we’re also extremely excited to announce a new AutoSSL feature, one that automatically installs a Let’s Encrypt SSL certificate on every website hosted from your account with us. Whether it’s your primary domain, a parked domain, or an addon domain they’ll all be secured with a Let’s Encrypt SSL certificate! Existing customers should see this applied to their accounts already. Simply visit any website you have hosted with us using https:// and your browser should show a trusted SSL certificate already installed. How exciting is that?
Providing a secure hosting environment is something we’re serious about. We’ve been working hard on this in recent months, starting with enabling two-factor authentication for both your client area and cPanel. Those two changes, along with our Let’s Encrypt sponsorship and AutoSSL feature, are items we’re going to continue building on to make sure everyone at Hawk Host enjoys a safe, secure, and overall reliable hosting experience.
Doesn’t look like it’s on here, yet: https://blog.hawkhost.com 🙂
I saw new “.well-known/acme-challenge” folder recently during ftp.
Is it due to the Let’s Encrypt?
Should this folder be deleted? Or should it be left untouched?
Very concerned with this, kindly clarify.
Thanks HH, you guys are the best!
Awesome
It is because of things like this and Hawkhost high security standard has that I host with you.
However now I am going to add a small suggestion, when somebody types in or clicks on http://blog.hawkhost.com/ it might be helpful to redirect them to the HTTPS site as not everybody knows it exists.
That is what I did with my blog, it is not hard to do, just add a couple of lines to .htaccess to redirect all visitors to HTTPS
Great movement, I must say.
But I just accessed sweetlovemessages.com with the https:// and it’s not appearing as though it’s been done.
Or am I getting something wrongly?
Fantastic news! Thank you for going the extra mile to support Let’s Encrypt and get SSL working for our sites. Plus 2FA? That’s awesome.
Could you please answer my question in this blog yesterday?
Or my email to support?
The support is unaware of such sponsorship and the SSL ready domain. And not able to answer me accurately.
Please look into this and come back to me urgently.
The .well-known folder is fine to leave alone. You can find more details about it at https://support.hawkhost.com/index.php?/Knowledgebase/Article/View/166/0/what-are-the-well-known-and-acme-challenge-directories-under-my-account
While waiting for your response, I’ve deleted the .well-known folder. What should I do now?
By the way, when I try my website with https and the .well-known folder is present, my website is not displaying correctly. What is happening?
And please inform your support Let’s Encrypt is automatically installed by HawkHost, as the support asked me if I’ve installed it myself.
The .well-known folder is used to verify you with Let’s Encrypt and it does not actually determine if you have SSL or not. If your domain failed validation our system will re-attempt it again in a few days. You can alternatively install Let’s Encrypt yourself using the interface in cPanel. So our support team is correct in asking if you installed it yourself or not.
This is a good news for me.
My website is supposed to display text plus many .jpg images.
THE OLD WAY STILL WORKS: When accessing via http://mysite.com OR http://www.mysite.com OR mysite.com —> text and all .jpg pictures show up just fine (as they have for years).
PROBLEM: When accessing via https://mysite.com —> text works fine, but .jpg images FAIL to appear.
What’s wrong here?
Will this work for VPS servers? I don’t see the option in my cpanel?
@Eric
It sounds like you’re mixing and matching serving of content. With your HTML it’s always best to use relative paths so this is never a problem. There are various web sites that will allow you to check why your site does not have a padlock which also most likely will apply to your problem. It’ll find images where you’re specifying http:// instead of https:// or a relative path.
@Ian
For a VPS since it’s your own server it’s not enabled by default. You can however enable AutoSSL using the AutoSSL option in cPanel. You can use their SSL provider or you can alternatively install the Let’s Encrypt plugin: https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin
https seems to be working for my sites, however, unless I type in the https, the site appears in http. Do I need to do a re-direct? How do I get the default to be https?
To redirect http to https you can add the following to the top of your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
1)I saw the following codes being added to my .htaccess file:-
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
What is the function of these codes? Is it really needed? Is it automatically added by the system(because I’ve not added these codes myself)?
2)I am currently using absolute path instead of relative path which would a mess if someone type “https” in-front. If I do not want the “https” function in my domain, what should I do?
In fact, is this Let’s Encrypt doing any difference to my domain than before it was installed(considering I do not want the “https”)?
wow thanks for hawkhost. now my blog get this facility
if only installed SSL on a subdomain, Whether it can ?
@Daniel
1) These are automatic this makes so the Let’s Encrypt certificate can be issued as it verifies your domain.
2) This just makes so your site will load over https compared to before where it would not. You could use .htaccess to rewrite back to http:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
It’s worth noting though that more and more search engines rank https sites higher. There are also browsers now that give warnings to users who are not visiting a site over https
@Om Sehat
You can install SSL on a subdomain as well as a domain it can protect all your potential URL’s.
how .htaccess settings after changing http to https?
ooh hawkhost, I am using you for my hosting. It is nice quality and cheap. Thank you
@Om Sehat
Yes subdomains also require SSL.
You can either install an SSL certificate for yourdomain.com or for any subdomain … In case you want to secure all subdomains of your domain(only one domain, then you can purchase SSL certificate from the renowned brands. AS I have purchased from godaddy. Free SSL certificate will also work.